Recommended update for mozilla-nss

Announcement ID: SUSE-RU-2026:1467-1
Release Date: 2026-04-20T08:10:50Z
Rating: moderate
References:
Affected Products:
  • SUSE Linux Enterprise Micro 5.2
  • SUSE Linux Enterprise Micro for Rancher 5.2

An update that can now be installed.

Description:

This update for mozilla-nss fixes the following issues:

Update to NSS 3.112.4:

  • improve error handling in PK11_ImportPrivateKeyInfoAndReturnKey.
  • Improving the allocation of S/MIME DecryptSymKey.
  • store email on subject cache_entry in NSS trust domain.
  • Heap use-after-free in cert_VerifyCertChainOld via dangling certsList[] entry on NameConstraints violation.
  • Improve size calculations in CMS content buffering.
  • avoid integer overflow while escaping RFC822 Names.
  • Reject excessively large ASN.1 SEQUENCE OF in quickder.
  • Deep copy profile data in CERT_FindSMimeProfile.
  • Improve input validation in DSAU signature decoding.
  • avoid integer overflow in RSA_EMSAEncodePSS.
  • RSA_EMSAEncodePSS should validate the length of mHash.
  • Add a maximum cert uncompressed len and tests.
  • Clarify extension negotiation mechanism for TLS Handshakes.
  • ensure permittedSubtrees don't match wildcards that could be outside the permitted tree.
  • Fix integer underflow in tls13_AEAD when ciphertext is shorter than tag.
  • Remove invalid PORT_Free().
  • free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed.
  • make ss->ssl3.hs.cookie an owned-copy of the cookie.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Micro 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1467=1
  • SUSE Linux Enterprise Micro for Rancher 5.2
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2026-1467=1

Package List:

  • SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64)
    • mozilla-nss-certs-3.112.4-150000.3.138.1
    • libfreebl3-3.112.4-150000.3.138.1
    • libfreebl3-debuginfo-3.112.4-150000.3.138.1
    • mozilla-nss-certs-debuginfo-3.112.4-150000.3.138.1
    • libsoftokn3-debuginfo-3.112.4-150000.3.138.1
    • mozilla-nss-tools-debuginfo-3.112.4-150000.3.138.1
    • mozilla-nss-3.112.4-150000.3.138.1
    • mozilla-nss-debugsource-3.112.4-150000.3.138.1
    • mozilla-nss-debuginfo-3.112.4-150000.3.138.1
    • mozilla-nss-tools-3.112.4-150000.3.138.1
    • libsoftokn3-3.112.4-150000.3.138.1
  • SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64)
    • mozilla-nss-certs-3.112.4-150000.3.138.1
    • libfreebl3-3.112.4-150000.3.138.1
    • libfreebl3-debuginfo-3.112.4-150000.3.138.1
    • mozilla-nss-certs-debuginfo-3.112.4-150000.3.138.1
    • libsoftokn3-debuginfo-3.112.4-150000.3.138.1
    • mozilla-nss-tools-debuginfo-3.112.4-150000.3.138.1
    • mozilla-nss-3.112.4-150000.3.138.1
    • mozilla-nss-debugsource-3.112.4-150000.3.138.1
    • mozilla-nss-debuginfo-3.112.4-150000.3.138.1
    • mozilla-nss-tools-3.112.4-150000.3.138.1
    • libsoftokn3-3.112.4-150000.3.138.1